
Re: [suse-security] susefirewall2 problem (SuSE 10.1) [solved]



On Sunday, 23 July 2006 21:01, Carlos E. R. wrote:

> The Sunday 2006-07-23 at 16:29 +0200, Jan Ritzerfeld wrote:
> > You should check your /etc/sysconfig/SuSEfirewall2. E.g., by using
> > grep -v "#" /etc/sysconfig/SuSEfirewall2
> > to ensure that all options are well-formed (KEY="VALUE"). If so, try to
> > comment out all options and re-add them one by one until the problem is
> > triggered.
>
> As far as I can see, they are all well formed, no "#" appears in the
> output. (...).

Oops, the regex was somewhat wrong, or useless. grep -v "^#" would have been 
better.

> FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data \
> ## Type:        string
> ## Default:
>  192.168.1.11,tcp,ssh \
>      192.168.1.1,udp,tftp"

Argh, such lines would be suppressed, regardless of which regex you used.

> I removed the comments in the middle and the error got corrected. I can't
> understand how they got there :-O

Does not matter. You found the error. :)

> > > I'm also getting some strange errors, maybe non related:
> > >
> > > Jul 23 13:13:16 nimrodel kernel: SFW2-OUT-ERROR IN= OUT=eth0
> > > SRC=192.168.1.12 DST=134.76.11.100 LEN=52 TOS=0x00 PREC=0x00 TTL=64
> > > ID=61663 DF PROTO=TCP SPT=24438 DPT=80 WINDOW=2184 RES=0x00 ACK FIN
> > > URGP=0 OPT (0101080A0002D56B70A5E356)
> > > (...).
> >
> > Hmm, you already experienced such log entries some months ago. :)
> > http://lists.suse.com/archive/suse-security/2006-Apr/0056.html
>
> True enough. But this is the first time I noticed them appearing in the
> log at the same time as I clicked somewhere, ie, repeatable.

For me, this kind of error was repeatable when using "whois" querying a 
special domain, i.e., a special whois server. But I do not think that these 
"errors" are harmful and, so, I just ignore them.
BTW, one of the IP addresses appearing in my SW2-OUT-ERRORs is 
195.135.221.132, ftp.suse.com ...

> And previously it was 9.3, now it is 10.1

AFAIK, there was not much change in the SuSEfirewall2 ...

Regards
 Jan
-- 
You have taken yourself too seriously.
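
The check discussed in this message, as an added example that is not part of the original post: a shell function that reports comment lines sitting inside a still-open double-quoted value, which `grep -v "^#"` hides rather than reveals. It assumes the file follows shell quoting rules for KEY="VALUE" lines; the function name `find_embedded_comments` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report comment lines that fall inside an open double-quoted
# value of a KEY="VALUE" sysconfig file. Simplification: only double quotes
# are tracked; single-quoted values are not handled.
find_embedded_comments() {
    awk '
    {
        line = $0
        is_comment = (line ~ /^[ \t]*#/)
        if (!in_quote && is_comment) next          # ordinary comment line
        if (in_quote && is_comment)                # comment swallowed by a value
            printf "%d: %s: %s\n", NR, key, line
        if (!in_quote && match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
            key = substr(line, RSTART, RLENGTH - 1)
            sub(/^[ \t]+/, "", key)
        }
        gsub(/\\./, "", line)                      # drop escaped characters
        n = gsub(/"/, "", line)                    # count remaining quotes
        if (n % 2) in_quote = !in_quote
    }
    END { if (in_quote) printf "EOF: %s: unterminated quote\n", key }
    ' "$1"
}

# Constructed sample modelled on the FW_TRUSTED_NETS value quoted above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# ordinary comment outside any value
FW_DEV_EXT="eth0"
FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data \
## Type:        string
## Default:
 192.168.1.11,tcp,ssh \
     192.168.1.1,udp,tftp"
EOF

find_embedded_comments "$sample"
```

Each reported line is prefixed with its line number and the key whose value it landed in; a file with no embedded comments produces no output.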
